cve/2013/CVE-2013-0169.md

### [CVE-2013-0169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

### POC

#### Reference
- http://www-01.ibm.com/support/docview.wss?uid=swg21644047
- http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Artem-Salnikov/devops-netology
- https://github.com/Artem-Tvr/sysadmin-09-security
- https://github.com/Himangshu30/SECURITY-SCRIPTS
- https://github.com/Justic-D/Dev_net_home_1
- https://github.com/KaeminMoore/Securityscripts
- https://github.com/Kapotov/3.9.1
- https://github.com/Live-Hack-CVE/CVE-2013-1620
- https://github.com/Live-Hack-CVE/CVE-2016-2107
- https://github.com/PeterMosmans/security-scripts
- https://github.com/Vainoord/devops-netology
- https://github.com/Valdem88/dev-17_ib-yakovlev_vs
- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14
- https://github.com/WiktorMysz/devops-netology
- https://github.com/alexandrburyakov/Rep2
- https://github.com/alexgro1982/devops-netology
- https://github.com/bysart/devops-netology
- https://github.com/chnzzh/OpenSSL-CVE-lib
- https://github.com/dmitrii1312/03-sysadmin-09
- https://github.com/eldron/metls
- https://github.com/geon071/netolofy_12
- https://github.com/hrbrmstr/internetdb
- https://github.com/ilya-starchikov/devops-netology
- https://github.com/jquepi/tlslite-ng
- https://github.com/lnick2023/nicenice
- https://github.com/nikolay480/devops-netology
- https://github.com/odolezal/D-Link-DIR-655
- https://github.com/pashicop/3.9_1
- https://github.com/qazbnm456/awesome-cve-poc
- https://github.com/sahithipriya03/Security-using-python-scripts
- https://github.com/sailfishos-mirror/tlslite-ng
- https://github.com/stanmay77/security
- https://github.com/summitto/tlslite-ng
- https://github.com/tlsfuzzer/tlslite-ng
- https://github.com/xbl3/awesome-cve-poc_qazbnm456
- https://github.com/yellownine/netology-DevOps
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2013-0169](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.`

			`### POC`

			`#### Reference`
			`- http://www-01.ibm.com/support/docview.wss?uid=swg21644047`
			`- http://www.isg.rhul.ac.uk/tls/TLStiming.pdf`

			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Artem-Salnikov/devops-netology`
			`- https://github.com/Artem-Tvr/sysadmin-09-security`
			`- https://github.com/Himangshu30/SECURITY-SCRIPTS`
			`- https://github.com/Justic-D/Dev_net_home_1`
			`- https://github.com/KaeminMoore/Securityscripts`
			`- https://github.com/Kapotov/3.9.1`
			`- https://github.com/Live-Hack-CVE/CVE-2013-1620`
			`- https://github.com/Live-Hack-CVE/CVE-2016-2107`
			`- https://github.com/PeterMosmans/security-scripts`
			`- https://github.com/Vainoord/devops-netology`
			`- https://github.com/Valdem88/dev-17_ib-yakovlev_vs`
			`- https://github.com/Vladislav-Pugachev/netology-DevOps-dz_-14`
			`- https://github.com/WiktorMysz/devops-netology`
			`- https://github.com/alexandrburyakov/Rep2`
			`- https://github.com/alexgro1982/devops-netology`
			`- https://github.com/bysart/devops-netology`
			`- https://github.com/chnzzh/OpenSSL-CVE-lib`
			`- https://github.com/dmitrii1312/03-sysadmin-09`
			`- https://github.com/eldron/metls`
			`- https://github.com/geon071/netolofy_12`
			`- https://github.com/hrbrmstr/internetdb`
			`- https://github.com/ilya-starchikov/devops-netology`
			`- https://github.com/jquepi/tlslite-ng`
			`- https://github.com/lnick2023/nicenice`
			`- https://github.com/nikolay480/devops-netology`
			`- https://github.com/odolezal/D-Link-DIR-655`
			`- https://github.com/pashicop/3.9_1`
			`- https://github.com/qazbnm456/awesome-cve-poc`
			`- https://github.com/sahithipriya03/Security-using-python-scripts`
			`- https://github.com/sailfishos-mirror/tlslite-ng`
			`- https://github.com/stanmay77/security`
			`- https://github.com/summitto/tlslite-ng`
			`- https://github.com/tlsfuzzer/tlslite-ng`
			`- https://github.com/xbl3/awesome-cve-poc_qazbnm456`
			`- https://github.com/yellownine/netology-DevOps`